commit 6451efe53ed524df7a1aa0f4d866880a796f3133 Author: Damian Johnson atagar@torproject.org Date: Sat Mar 24 15:06:26 2018 -0700
Check that authorities have the descriptors of each other
Stem's integ tests ran into an issue where tor26 lacked moria1's server descriptor. Turns out this is a longstanding issue due to tor26 holding on to an outdated ed25519 key. Providing a notice for this. --- consensus_health_checker.py | 25 +++++++++++++++++++++++++ data/consensus_health.cfg | 1 + 2 files changed, 26 insertions(+)
diff --git a/consensus_health_checker.py b/consensus_health_checker.py index 72f50f9..13dddd4 100755 --- a/consensus_health_checker.py +++ b/consensus_health_checker.py @@ -315,6 +315,7 @@ def run_checks(consensuses, votes):
checker_functions = ( missing_latest_consensus, + missing_authority_descriptor, consensus_method_unsupported, different_recommended_client_version, different_recommended_server_version, @@ -367,6 +368,30 @@ def missing_latest_consensus(latest_consensus, consensuses, votes): return Issue(runlevel, 'MISSING_LATEST_CONSENSUS', authorities = ', '.join(stale_authorities), to = stale_authorities)
+def missing_authority_descriptor(latest_consensus, consensuses, votes): + """ + Check that each authority has server descriptors for the others. This arises + when authorities change their Ed25519 key, but others still have the old key + cached... + + Mar 23 11:51:42.617 [warn] http status 400 ("Looks like your keypair has + changed? This authority previously recorded a different RSA identity for + this Ed25519 identity (or vice versa.) Did you replace or copy some of your + key files, but not the others? You should either restore the expected + keypair, or delete your keys and restart Tor to start your relay with a new + identity.") response from dirserver '199.58.81.140:80'. Please correct. + """ + + issues = [] + + for authority, vote in votes.items(): + for peer in DIRECTORY_AUTHORITIES.values(): + if peer.fingerprint not in vote.routers: + issues.append(Issue(Runlevel.WARNING, 'MISSING_AUTHORITY_DESC', authority = authority, peer = peer.nickname, to = authority)) + + return issues + + def consensus_method_unsupported(latest_consensus, consensuses, votes): "Checks that all of the votes support the present consensus method."
diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg index 326aa20..39aa2e5 100644 --- a/data/consensus_health.cfg +++ b/data/consensus_health.cfg @@ -2,6 +2,7 @@
msg LATENCY => Downloading the consensus from {authority} took {time_taken}. Median download time is {median_time}: {authority_times} msg MISSING_LATEST_CONSENSUS => The consensuses published by the following directory authorities are more than one hour old and therefore not fresh anymore: {authorities} +msg MISSING_AUTHORITY_DESC => {authority} is missing the server descriptor of {peer} msg CONSENSUS_METHOD_UNSUPPORTED => The following directory authorities do not support the consensus method that the consensus uses: {authorities} msg DIFFERENT_RECOMMENDED_VERSION => The following directory authorities recommend other {type} versions than the consensus: {differences} msg UNKNOWN_CONSENSUS_PARAMETERS => The following directory authorities set unknown consensus parameters: {parameters}